[rssac-caucus] [Ext] Re: FOR REVIEW: Harmonizing the Anonymization of Queries to the Root

[Joao Damas]

At this point my suggestion is to investigate and, eventually, if feasible put forward a proposal. A couple of comments below:

> On 13 Feb 2018, at 18:26, Paul Hoffman <paul.hoffman at icann.org> wrote:
> 
> On Feb 13, 2018, at 8:38 AM, Joao Damas <joao at bondis.org> wrote:
>> 
>> Great document!
>> Any chance the study could analyse the idea of an “anon server” where a centralised system (OARC, ICANN, someone else) would run the crypto-anonimisation based on an input list sent by a given DNS operator, allowing cross-operator correlation for all operators using the system without sharing the secret?
> 
> We could do that if there is any interest. It has a few drawbacks:
> 
> - The system would not be real-time (although it could be close).

Yes, more like a batch thing.

> 
> - The RSOs would have to trust the operator of the system to keep the random key secret, forever.

Or the operator could “loose” the key once a year, converting the process in a one-way process.

> 
> - When one RSO sends its list to the system, that RSO then knows the source addresses seen by other RSOs if there is overlap in the lists.

Shared keys have that property, yes, also in the case mentioned in the current document. However in this case, the key is applied to multiple data sets and not shared between people.

> 
> Does this seem worth pursuing?

I will leave that to the list. Personally, I do see value in such a system as it allows correlation while minimising risks derived from actually sharing the key itself.

Joao